STANDARD 5.3Objective 3

Students will explain and understand the need for confidentiality.

CONFIDENTIALITY

Customers have a right to expect privacy and confidentiality

This applies to all industries Health Travel Entertainment Education Etc….

WHAT HAPPENS AT THE DR. OFFICE STAYS AT THE DR. OFFICE How would you feel if…

You went to the Doctor expecting your information to stay confidential, and the Doctor shared your information with others. Now your family may know of your situation, or you receive junk mail for treating ___ disease. Or people saying congratulations, when you haven’t told anyone you are pregnant. Awkward…….

HEALTH INDUSTRY

Most of us believe that our medical and other health information is private and should be protected, and we want to know who has this information. The Privacy Rule, a Federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information. The Privacy Rule applies to all forms of individuals' protected health information, whether electronic, written, or oral. The Security Rule, a Federal law that protects health information in electronic form, requires entities covered by HIPAA to ensure that electronic protected health information is secure.

HIPAA

Health Insurance Portability and Accountability Act, a 1996 Federal law that restricts access to individuals' private medical information

Protects individuals information Strict punishments for violations You usually are asked to sign different forms at the Dr.

office to allow them to share information, in certain ways to a select group of people. This protects under HIPAA requirements

Doctors and Health care professionals want your business and want to stay in business and must follow policies put in place to protect individuals private information.

EDUCATION

Like many other areas, you have right to expect confidentiality. Along with other things, teachers can’t disclose your grades or

behaviors to your neighbors or others. Colleges and Universities can’t release information to spouses, or other family members without written permission.

FERPA

Family Education Rights and Privacy act of 1974- Federal Law Gives students access to their education records, an

opportunity to seek to have the records amended, and some control over the disclosure of information from the records. With several exceptions, schools must have a student's consent prior to the disclosure of education records

Examples of situations affected by FERPA include school employees divulging information to anyone other than the student about the student's grades or behavior, and school work posted on a bulletin board with a grade. Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record.

OSHA

Occupational Safety and Health Administration (OSHA)

With the Occupational Safety and Health Act of 1970, Congress created the Occupational Safety and Health Administration (OSHA) to assure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance.

TRAVEL INDUSTRY

Today’s world requires a lot of documentation when traveling. Passports, Id’s, tickets, reservations and plenty of confirmation

numbers

Booking trips involves many individuals, in several states or even countries.

It is vital that during the booking, travel and billing process all information is kept safe.

Having theft while traveling (robbery, id theft…… any form of losing money) is already a huge concern for those who travel. Companies must do everything they can to ensure customers’ information will say secure.

RETAIL STORES/ RESTAURANTS/ENTERTAINMENT Customers use debit and credit cards on a daily basis as

a variety of retail locations. They expect their financial information to stay safe and

secure. Breeches in security, have caused companies $$$ to fix

and resolve the issue as well as lose customer business and relations.

Customers also do not want records of their purchases made available

LIABILITIES FACED BY COMPANIES

Lawsuits Fines Imprisonment Loss of permit/license Pay for corrective services

ID Theft Credit Score

……..It all comes back to making money, company image and future business.

EXAMPLE FINES FOR HIPAA

General Penalty for failure to comply 100 a time

Wrongful Disclosure of Individually Identifiable Health Information 50-250 Thousand dollars

Those in the health industry do want to be fined and pay money out.

Not only do fines hurt the companies revenue, it also can look bad to patients and/or future patients, which could decrease future business.

LAWSUITS

Can happen for any reason Major liability for companies who violate privacy laws Costly to the company in payouts, or premiums for

insurance. Messy court situations and not wanted to drag the

company name through the mud, cause companies to settle before court dates.

LOSS OF SAFE REPUTATION

Customers want to ensure their information is secure As companies have breeches in private/secure

information, in order to keep a positive image companies Issue Statements notifying all that might be effected Pay for reconciliation services Do all they can to reassure their current and future

customers/clients that they have a secure system.

SECURITY Since confidentiality is viewed as high importance to both

customer and business it is imperative to secure private information

Protecting customer’s private information, must be top priority.

Private information includes Name Address Phone Social Security Number Family Information Medical Records Purchase Records Bank Information- Credit Card #

TYPES OF THREAT

Internal Employees/ people within the company or with access

Leaking information for personal gain

Selling contacts to other parties

Misplacing or losing information

i.e. Losing company laptop while on a business trip

Janitors or other personnel with access to secure information

Giving access codes to unauthorized individuals

THREATS

External –people outside of the company Computer Hackers

Large Variety of ways to attack systems and information

Buyers trying to purchase information Theft of

computers

Records

Documents